ID CVE-2018-16845
Summary nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
References
Vulnerable Configurations
  • Nginx 1.15.0
    cpe:2.3:a:nginx:nginx:1.15.0
  • Nginx 1.15.1
    cpe:2.3:a:nginx:nginx:1.15.1
  • Nginx 1.15.2
    cpe:2.3:a:nginx:nginx:1.15.2
  • Nginx 1.0.0
    cpe:2.3:a:nginx:nginx:1.0.0
  • Nginx 1.0.1
    cpe:2.3:a:nginx:nginx:1.0.1
  • Nginx 1.0.2
    cpe:2.3:a:nginx:nginx:1.0.2
  • Nginx 1.0.3
    cpe:2.3:a:nginx:nginx:1.0.3
  • Nginx 1.0.4
    cpe:2.3:a:nginx:nginx:1.0.4
  • Nginx 1.0.5
    cpe:2.3:a:nginx:nginx:1.0.5
  • Nginx 1.0.6
    cpe:2.3:a:nginx:nginx:1.0.6
  • Nginx 1.0.7
    cpe:2.3:a:nginx:nginx:1.0.7
  • Nginx 1.0.8
    cpe:2.3:a:nginx:nginx:1.0.8
  • Nginx 1.0.9
    cpe:2.3:a:nginx:nginx:1.0.9
  • Nginx 1.0.10
    cpe:2.3:a:nginx:nginx:1.0.10
  • Nginx 1.0.11
    cpe:2.3:a:nginx:nginx:1.0.11
  • Nginx 1.0.12
    cpe:2.3:a:nginx:nginx:1.0.12
  • Nginx 1.0.13
    cpe:2.3:a:nginx:nginx:1.0.13
  • Nginx 1.0.14
    cpe:2.3:a:nginx:nginx:1.0.14
  • Nginx 1.0.15
    cpe:2.3:a:nginx:nginx:1.0.15
  • Nginx 1.1.0
    cpe:2.3:a:nginx:nginx:1.1.0
  • Nginx 1.1.1
    cpe:2.3:a:nginx:nginx:1.1.1
  • Nginx 1.1.2
    cpe:2.3:a:nginx:nginx:1.1.2
  • Nginx 1.1.3
    cpe:2.3:a:nginx:nginx:1.1.3
  • Nginx 1.1.4
    cpe:2.3:a:nginx:nginx:1.1.4
  • Nginx 1.1.5
    cpe:2.3:a:nginx:nginx:1.1.5
  • Nginx 1.1.6
    cpe:2.3:a:nginx:nginx:1.1.6
  • Nginx 1.1.7
    cpe:2.3:a:nginx:nginx:1.1.7
  • Nginx 1.1.8
    cpe:2.3:a:nginx:nginx:1.1.8
  • Nginx 1.1.9
    cpe:2.3:a:nginx:nginx:1.1.9
  • Nginx 1.1.10
    cpe:2.3:a:nginx:nginx:1.1.10
  • Nginx 1.1.11
    cpe:2.3:a:nginx:nginx:1.1.11
  • Nginx 1.1.12
    cpe:2.3:a:nginx:nginx:1.1.12
  • Nginx 1.1.13
    cpe:2.3:a:nginx:nginx:1.1.13
  • Nginx 1.1.14
    cpe:2.3:a:nginx:nginx:1.1.14
  • Nginx 1.1.15
    cpe:2.3:a:nginx:nginx:1.1.15
  • Nginx 1.1.16
    cpe:2.3:a:nginx:nginx:1.1.16
  • Nginx 1.1.17
    cpe:2.3:a:nginx:nginx:1.1.17
  • Nginx 1.1.18
    cpe:2.3:a:nginx:nginx:1.1.18
  • Nginx 1.1.19
    cpe:2.3:a:nginx:nginx:1.1.19
  • Nginx 1.2.0
    cpe:2.3:a:nginx:nginx:1.2.0
  • Nginx 1.3.0
    cpe:2.3:a:nginx:nginx:1.3.0
  • Nginx 1.3.1
    cpe:2.3:a:nginx:nginx:1.3.1
  • Nginx 1.3.2
    cpe:2.3:a:nginx:nginx:1.3.2
  • Nginx 1.3.3
    cpe:2.3:a:nginx:nginx:1.3.3
  • Nginx 1.3.4
    cpe:2.3:a:nginx:nginx:1.3.4
  • Nginx 1.3.5
    cpe:2.3:a:nginx:nginx:1.3.5
  • Nginx 1.3.6
    cpe:2.3:a:nginx:nginx:1.3.6
  • Nginx 1.3.7
    cpe:2.3:a:nginx:nginx:1.3.7
  • Nginx 1.3.8
    cpe:2.3:a:nginx:nginx:1.3.8
  • Nginx 1.3.9
    cpe:2.3:a:nginx:nginx:1.3.9
  • Nginx 1.3.10
    cpe:2.3:a:nginx:nginx:1.3.10
  • Nginx 1.3.11
    cpe:2.3:a:nginx:nginx:1.3.11
  • Nginx 1.3.12
    cpe:2.3:a:nginx:nginx:1.3.12
  • Nginx 1.3.13
    cpe:2.3:a:nginx:nginx:1.3.13
  • Nginx 1.3.14
    cpe:2.3:a:nginx:nginx:1.3.14
  • Nginx 1.3.15
    cpe:2.3:a:nginx:nginx:1.3.15
  • Nginx 1.3.16
    cpe:2.3:a:nginx:nginx:1.3.16
  • Nginx 1.4.0
    cpe:2.3:a:nginx:nginx:1.4.0
  • Nginx 1.4.1
    cpe:2.3:a:nginx:nginx:1.4.1
  • Nginx 1.4.2
    cpe:2.3:a:nginx:nginx:1.4.2
  • Nginx 1.4.3
    cpe:2.3:a:nginx:nginx:1.4.3
  • Nginx 1.5.0
    cpe:2.3:a:nginx:nginx:1.5.0
  • Nginx 1.5.1
    cpe:2.3:a:nginx:nginx:1.5.1
  • Nginx 1.5.2
    cpe:2.3:a:nginx:nginx:1.5.2
  • Nginx 1.5.3
    cpe:2.3:a:nginx:nginx:1.5.3
  • Nginx 1.5.4
    cpe:2.3:a:nginx:nginx:1.5.4
  • Nginx 1.5.5
    cpe:2.3:a:nginx:nginx:1.5.5
  • Nginx 1.5.6
    cpe:2.3:a:nginx:nginx:1.5.6
  • Nginx 1.5.7
    cpe:2.3:a:nginx:nginx:1.5.7
  • Nginx 1.5.8
    cpe:2.3:a:nginx:nginx:1.5.8
  • Nginx 1.5.9
    cpe:2.3:a:nginx:nginx:1.5.9
  • Nginx 1.5.10
    cpe:2.3:a:nginx:nginx:1.5.10
  • Nginx 1.5.11
    cpe:2.3:a:nginx:nginx:1.5.11
  • Nginx 1.5.12
    cpe:2.3:a:nginx:nginx:1.5.12
  • nginx 1.6.0
    cpe:2.3:a:nginx:nginx:1.6.0
  • nginx 1.6.1
    cpe:2.3:a:nginx:nginx:1.6.1
  • Nginx 1.6.2
    cpe:2.3:a:nginx:nginx:1.6.2
  • Nginx 1.7.5
    cpe:2.3:a:nginx:nginx:1.7.5
  • Nginx 1.7.6
    cpe:2.3:a:nginx:nginx:1.7.6
  • Nginx 1.7.7
    cpe:2.3:a:nginx:nginx:1.7.7
  • Nginx 1.7.8
    cpe:2.3:a:nginx:nginx:1.7.8
  • Nginx 1.7.9
    cpe:2.3:a:nginx:nginx:1.7.9
  • Nginx 1.7.10
    cpe:2.3:a:nginx:nginx:1.7.10
  • Nginx 1.7.11
    cpe:2.3:a:nginx:nginx:1.7.11
  • Nginx 1.7.12
    cpe:2.3:a:nginx:nginx:1.7.12
  • Nginx 1.8.0
    cpe:2.3:a:nginx:nginx:1.8.0
  • Nginx 1.9.0
    cpe:2.3:a:nginx:nginx:1.9.0
  • Nginx 1.9.1
    cpe:2.3:a:nginx:nginx:1.9.1
  • Nginx 1.9.2
    cpe:2.3:a:nginx:nginx:1.9.2
  • Nginx 1.9.3
    cpe:2.3:a:nginx:nginx:1.9.3
  • Nginx 1.9.4
    cpe:2.3:a:nginx:nginx:1.9.4
  • Nginx 1.9.5
    cpe:2.3:a:nginx:nginx:1.9.5
  • Nginx 1.9.6
    cpe:2.3:a:nginx:nginx:1.9.6
  • Nginx 1.9.7
    cpe:2.3:a:nginx:nginx:1.9.7
  • Nginx 1.9.8
    cpe:2.3:a:nginx:nginx:1.9.8
  • Nginx 1.9.9
    cpe:2.3:a:nginx:nginx:1.9.9
  • Nginx 1.9.10
    cpe:2.3:a:nginx:nginx:1.9.10
  • Nginx 1.9.11
    cpe:2.3:a:nginx:nginx:1.9.11
  • Nginx 1.9.12
    cpe:2.3:a:nginx:nginx:1.9.12
  • Nginx 1.9.13
    cpe:2.3:a:nginx:nginx:1.9.13
  • Nginx 1.9.14
    cpe:2.3:a:nginx:nginx:1.9.14
  • Nginx 1.9.15
    cpe:2.3:a:nginx:nginx:1.9.15
  • Nginx 1.10.0
    cpe:2.3:a:nginx:nginx:1.10.0
  • Nginx 1.10.1
    cpe:2.3:a:nginx:nginx:1.10.1
  • Nginx 1.11.0
    cpe:2.3:a:nginx:nginx:1.11.0
  • Nginx 1.11.1
    cpe:2.3:a:nginx:nginx:1.11.1
  • Nginx 1.11.2
    cpe:2.3:a:nginx:nginx:1.11.2
  • Nginx 1.11.3
    cpe:2.3:a:nginx:nginx:1.11.3
  • Nginx 1.11.4
    cpe:2.3:a:nginx:nginx:1.11.4
  • Nginx 1.11.5
    cpe:2.3:a:nginx:nginx:1.11.5
  • Nginx 1.11.6
    cpe:2.3:a:nginx:nginx:1.11.6
  • Nginx 1.11.7
    cpe:2.3:a:nginx:nginx:1.11.7
  • Nginx 1.11.8
    cpe:2.3:a:nginx:nginx:1.11.8
  • Nginx 1.11.9
    cpe:2.3:a:nginx:nginx:1.11.9
  • Nginx 1.11.10
    cpe:2.3:a:nginx:nginx:1.11.10
  • Nginx 1.11.11
    cpe:2.3:a:nginx:nginx:1.11.11
  • Nginx 1.11.12
    cpe:2.3:a:nginx:nginx:1.11.12
  • Nginx 1.11.13
    cpe:2.3:a:nginx:nginx:1.11.13
  • Nginx 1.12.0
    cpe:2.3:a:nginx:nginx:1.12.0
  • Nginx 1.12.1
    cpe:2.3:a:nginx:nginx:1.12.1
  • Nginx 1.12.2
    cpe:2.3:a:nginx:nginx:1.12.2
  • Nginx 1.13.0
    cpe:2.3:a:nginx:nginx:1.13.0
  • Nginx 1.13.1
    cpe:2.3:a:nginx:nginx:1.13.1
  • Nginx 1.13.2
    cpe:2.3:a:nginx:nginx:1.13.2
  • Nginx 1.13.3
    cpe:2.3:a:nginx:nginx:1.13.3
  • Nginx 1.13.4
    cpe:2.3:a:nginx:nginx:1.13.4
  • Nginx 1.13.5
    cpe:2.3:a:nginx:nginx:1.13.5
  • Nginx 1.13.6
    cpe:2.3:a:nginx:nginx:1.13.6
  • Nginx 1.13.7
    cpe:2.3:a:nginx:nginx:1.13.7
  • Nginx 1.13.8
    cpe:2.3:a:nginx:nginx:1.13.8
  • Nginx 1.13.9
    cpe:2.3:a:nginx:nginx:1.13.9
  • Nginx 1.13.10
    cpe:2.3:a:nginx:nginx:1.13.10
  • Nginx 1.13.11
    cpe:2.3:a:nginx:nginx:1.13.11
  • Nginx 1.13.12
    cpe:2.3:a:nginx:nginx:1.13.12
  • Nginx 1.14.0
    cpe:2.3:a:nginx:nginx:1.14.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Red Hat Enterprise Linux 7.4
    cpe:2.3:o:redhat:enterprise_linux:7.4
  • Red Hat Enterprise Linux 7.5
    cpe:2.3:o:redhat:enterprise_linux:7.5
  • Red Hat Enterprise Linux 7.6
    cpe:2.3:o:redhat:enterprise_linux:7.6
CVSS
Base: 5.8
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4335.NASL
    description Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in the ngx_http_mp4_module module (used for server-side MP4 streaming).
    last seen 2019-01-16
    modified 2018-12-13
    plugin id 118840
    published 2018-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118840
    title Debian DSA-4335-1 : nginx - security update
  • NASL family Web Servers
    NASL id NGINX_1_15_6.NASL
    description According to its Server response header, the installed version of nginx is 1.x prior to 1.14.1 or 1.15.x prior to 1.15.6. It is, therefore, affected by the following issues : - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive memory usage. (CVE-2016-16843) - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive CPU usage. (CVE-2016-16844) - An unspecified error exists related to the module 'ngx_http_mp4_module' that allows worker process crashes or memory disclosure. (CVE-2016-16845)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 118956
    published 2018-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118956
    title nginx 1.x < 1.14.1 / 1.15.x < 1.15.6 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0334-1.NASL
    description This update for nginx to version 1.14.2 fixes the following issues : Security vulnerabilities addressed : CVE-2018-16843 CVE-2018-16844: Fixed an issue whereby a client using HTTP/2 might cause excessive memory consumption and CPU usage (bsc#1115025 bsc#1115022). CVE-2018-16845: Fixed an issue which might result in worker process memory disclosure when processing of a specially crafted mp4 file with the ngx_http_mp4_module (bsc#1115015). Other bug fixes and changes made: Fixed an issue with handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. The logging level of the 'http request', 'https proxy request', 'unsupported protocol', 'version too low', 'no suitable key share', and 'no suitable signature algorithm' SSL errors has been lowered from 'crit' to 'info'. Fixed an issue with using OpenSSL 1.1.0 or newer it was not possible to switch off 'ssl_prefer_server_ciphers' in a virtual server if it was switched on in the default server. Fixed an issue with TLS 1.3 always being enabled when built with OpenSSL 1.1.0 and used with 1.1.1 Fixed an issue with sending a disk-buffered request body to a gRPC backend Fixed an issue with connections of some gRPC backends might not be cached when using the 'keepalive' directive. Fixed a segmentation fault, which might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms. Fixed an issue, whereby working with gRPC backends might result in excessive memory consumption. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-14
    modified 2019-02-13
    plugin id 122147
    published 2019-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122147
    title SUSE SLES15 Security Update : nginx (SUSE-SU-2019:0334-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1399.NASL
    description According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.(CVE-2018-16843) - nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.(CVE-2018-16844) - An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service (server crash or hang) and, possibly, information disclosure.(CVE-2018-16845) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-13
    plugin id 119527
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119527
    title EulerOS 2.0 SP3 : nginx (EulerOS-SA-2018-1399)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3812-1.NASL
    description It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843) Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844) It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-13
    plugin id 118820
    published 2018-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118820
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nginx vulnerabilities (USN-3812-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1572.NASL
    description It was discovered that there was a denial of service (DoS) vulnerability in the nginx web/proxy server. As there was no validation for the size of a 64-bit atom in an MP4 file, this could have led to a CPU hog when the size was 0, or various other problems due to integer underflow when calculating the atom data size, including segmentation faults or even worker-process memory disclosure. For Debian 8 'Jessie', this issue has been fixed in nginx version 1.6.2-5+deb8u6. We recommend that you upgrade your nginx packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-05
    modified 2019-02-04
    plugin id 118839
    published 2018-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118839
    title Debian DLA-1572-1 : nginx security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_84CA56BEE1DE11E8BCFD00E04C1EA73D.NASL
    description NGINX Team reports : Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file (CVE-2018-16845). The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
    last seen 2019-01-16
    modified 2018-12-13
    plugin id 118754
    published 2018-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118754
    title FreeBSD : NGINX -- Multiple vulnerabilities (84ca56be-e1de-11e8-bcfd-00e04c1ea73d)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-7C540FDAB4.NASL
    description Security fix for CVE-2018-16843, CVE-2018-16844, CVE-2018-16845 + nginx rebase to 1.14.1. ---- New version 1.14.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2019-01-03
    plugin id 120557
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120557
    title Fedora 29 : 1:nginx (2018-7c540fdab4)
redhat via4
advisories
  • rhsa
    id RHSA-2018:3652
  • rhsa
    id RHSA-2018:3653
  • rhsa
    id RHSA-2018:3680
  • rhsa
    id RHSA-2018:3681
refmap via4
bid 105868
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845
debian DSA-4335
misc http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
mlist [debian-lts-announce] 20181108 [SECURITY] [DLA 1572-1] nginx security update
sectrack 1042039
ubuntu USN-3812-1
Last major update 07-11-2018 - 09:29
Published 07-11-2018 - 09:29
Last modified 01-02-2019 - 09:03